Essential Eight Compliance

Cyber Compliance is Coming

Within Europe (GDPR) and the US (HIPAA and CCPA) various IT security standards are mandatory when handling personal client data. In Australia it is merely recommended or advised. Integer IT believe it is only a matter of time when similar worldwide standards are mandated here.

We are already witnessing insurance companies’ questions about IT protection, recovery and data handling being far more specific than even a year ago when determining insurance risk. It also impacts the business continuity view of risk in terms of data loss and encryption, ransom as well as reputational risk if breaches must be declared.

Insurance questions we have helped clients with include:

• Is 2FA or Multifactor Authentication in place?
• Do you have email filtering, what software is used?
• Do employees receive Phish Threat Training?
• How often are passwords reset?
• Is there a firewall in place, name it as well as the software subscribed to what level?
• Are Microsoft macros turned off?
• How often are backups taken, is it encrypted?
• Is Microsoft related email backed up?
• Is there a test of backups, what is the procedure and how often is it performed?

Australian Cyber Security Centre

The Australian Cyber Security Centre (ACSC) advises on the Essential Eight approach whereby they have outlined specific IT security maturity levels.

https://www.cyber.gov.au/acsc/view-all-content/essential-eight

We work with our clients to adopt this level of strategic thinking of Cyber Risk with the desire to adopt at least Maturity Level 1, so we are not only adopting a secure posture now we are also ready when the Australian Government mandates, we have to have it in place. So lets get ready.

IT Security

We provide security in layers and profile users depending on their data access authority level. Unfortunately, Cyber Security is a critical concern for all businesses especially those who hold personal client data.

Integer IT provide a stack of security layers these include:

• Email Filtering
• Secure Firewalls and VPN Access
• Server and endpoint protection,
• Device encryption and Mobile Device Management
• Multi factor authentication,
• Hosted data back up and annual disaster recovery testing, Microsoft 365 back ups
• Dark Web Monitoring
• Phishing Training.
• Zero Trust Networks